Security Strategy

Royal Mail tightens hacker defences

Case study: Weekly sweeps to spot any weaknesses for post service

Tags: qualys, case study, qinetiq, royal mail

By Dan Ilett

Published: 14 June 2005 11:25 BST

The Royal Mail is tightening security practices by sweeping its networks for vulnerabilities on a weekly basis.

The postal service, which is starting to use more web-based business processes, has outsourced vulnerability and penetration testing to security company QinetiQ.

Martin Roe, Royal Mail's IT security manager, said: "What we were trying to achieve was periodic penetration tests five times a year. But they were quite irregular and I was worried about the gaps of time in between them."

Roe said he wanted more regular tests performed to ensure hackers stood no chance of breaking in: "I wanted to try and automate the process. I looked at vulnerability scans and we put it out to tender to see who could do this on a weekly basis instead of a few times a year."

He said vulnerability scanning on individual products was taking up valuable time for his staff, so the company opted for three services: QinetiQ's Managed Vulnerability Assessment and Alerting Service, a general security health check, and Qualys' Automated Scanning Service.

QinetiQ packaged the services to guard against the threats deemed to be most severe to Royal Mail.

Roe said he now receives weekly status reports with advice on any action his team needs to take, such as which software patches to apply. As a result, staff can focus on other areas of IT: "I'm now getting the sort of information I need. It follows my business logic. QinetiQ haven't an axe to grind and will provide me with straight facts. One of the nice things about it is I can set service level agreements with vendors."

QinetiQ's tests found Royal Mail's networks were more secure than Roe had thought: "It wasn't as bad as I was expecting it to be. We can spot things so much more quickly now. We now know the infrastructure is fairly sound so we can focus on applications."

Roe said he was happy with QinetiQ's work, and could even trust their staff like one of his own: "I have a rising endorsement for them. If I have a request beyond what they are obliged to do, they drop everything to do it. It's like having an employee at the end of the phone."
